SoylentNews is people
SoylentNews
Ars technica has an article about a system for cracking Master-brand combination locks and a calculator to speed up the process:
There's a vulnerability in Master Lock branded padlocks that allows anyone to learn the combination in eight or fewer tries, a process that requires less than two minutes and a minimal amount of skill to carry out.
The technique was devised by Samy Kamkar, a serial hacker who has created everything from stealthy keystroke-pilfering USB chargers to DIY stalker apps that mined Google Streetview. In 2005, he unleashed the Samy worm, a cross-site scripting exploit that knocked MySpace out of commission when it added more than one million MySpace friends to Kamkar's account.
Samy's website (js required) lists some of his exploits and looks like a graphical desktop. The calculator is also freely available .
(Score: 5, Informative) by Marand on Saturday May 02 2015, @12:21PM
That's cute. He's basically doing what Perl's Bleach [metacpan.org] module does, except not as clever. (Bleach's code [metacpan.org] for comparison.)
As for how it works, he's using tabs and spaces to represent binary, taking seven at a time with a regex, then using a couple more regexes to replace tabs with 1s, spaces with 0s. Then converting binary to decimal to character to get html. It took me longer to get his giant one-liner of tabs and spaces (22k characters in a line, lol) to paste into a text file without mangling than it did to rig a half-assed decoder to dump the page source to stdout. :P
Also, his desire to obfuscate, plus the actual page's code having things like 'onLoad="pwn()"' in the <body> tag kind of proves my original point: why would anybody trust this wanker's JS?
(Score: 0) by Anonymous Coward on Saturday May 02 2015, @12:41PM
Balls of steel man...